As is known, the use of systems implementing public packet-like communication networks, like the IP network, for data exchanging and/or multimedia streaming requires the use of security solutions able to ensure the integrity of the data and the authenticity of the parties in a connection.
The most used solutions for implementing such security measures generally provide for an extension of the existing communication protocols by virtue of the introduction of new portions (e.g. specific fields) or the modification of already existing fields within application protocols.
In general, every application protocol (such as SOAP-Simple Object Access Protocol; HTTP-HyperText Transfer Protocol; Java RMI-Java Remote Method Invocation; IIOP-Internet Inter-Orb Protocol) defines one or more fields whose content is defined according to the specific protocol. For example, SOAP, used in the invocation of web services, includes a “header” and a “body”, used for describing the content of the transmitted message. A “secure” extension of SOAP, called WS-Security, introduces specific fields both for transmitting information about the identity of the invoking application (for example, in the header SOAP) and for ensuring the integrity of the request or the web-service invocation response (contained in the SOAP body).
The above approach cannot be always applied since it is not always possible to modify or extend the existing protocols or the applications using them (“legacy” applications) so as to add authentication and integrity information to the transmitted messages. Examples of protocols that cannot be modified are RTP (Real-Time Protocol), FTP (File Transfer Protocol), Telnet Protocol and many other protocols of the group TCP/IP-Transmission Control Protocol/Internet Protocol, since these protocols have been designed without taking into account any security requirements.
Other solutions for implementing security measures include using application protocols that are “secure” at a transport or at a network level (according to the International Standards Organization (ISO) Open System Interconnection (OSI)—ISO/OSI model). Examples of such solutions are SSL (Secure Socket Layer) or protocols providing secure tunnels, such as IPSEC (IPSecurity). This approach generally provides for message ciphering and authentication by encapsulating the original communications stream into messages of the secure communication protocol.
U.S. Pat. No. 6,842,860 discloses a solution using a partial message authentication code, wherein a message authentication code is applied to only some portions of the message.
US 2005/0228983 discloses a system including a secure side channel and a unsecured legacy channel. In one embodiment, a client hashes some of the content sent over the unsecured channel and sends the hash over the secure channel. The server then hashes the content received over the unsecured channel and compares the hash it generates to the one received over the secure channel to determine whether the message posted over the unsecured channel has been altered.
US 200370120924 discloses a method for checking the integrity of a message transmitted between a sender and a recipient. In the transmitted end, an authentication value is generated from a message to be sent. A check code is formed from the authentication value and a random string. The first message is transferred from the sender to the recipient through a first channel, and the check code is transferred through a second secure channel. In the receiving end an authentication check is formed based on the received message. The integrity of the received message is checked by comparing the check values in the receiving end.